KR20230068005A - Electronic device and method for controlling vehicle based on driver authentication - Google Patents

Abstract

Various embodiments of the present invention provide a method and a device. The device comprises: a communication module; a memory; and a processor operatively connected to at least one of the communication module and the memory. The processor is configured to: transmit, when connected to a vehicle, mobile identity information stored in the memory to the vehicle through the communication module; receive, when authentication of the mobile identity information by the vehicle is completed, vehicle information from the vehicle; generate a digital key of the vehicle on the basis of the vehicle information or the mobile identity information; transmit the generated digital key to the vehicle; receive a digital key signed by the vehicle and driver identification information from the vehicle; and store the signed digital key and the driver identification information in the memory. Various embodiments are possible. Therefore, the present invention can enhance personal identification.

Description

Vehicle control method and electronic device based on driver authentication

Various embodiments of the present disclosure disclose a vehicle control method and electronic device based on driver authentication.

With the development of digital technology, various types of electronic devices such as mobile communication terminals, personal digital assistants (PDAs), electronic notebooks, smart phones, tablet PCs (personal computers), and wearable devices have been widely used. In order to support and increase functions of these electronic devices, hardware parts and/or software parts of electronic devices are continuously being developed.

On the other hand, related technologies (eg blockchain technology), systems and/or devices that can use mobile identification documents that can replace offline physical identification documents (eg plastic identification cards) through electronic devices. Standards (eg ISO 18013-5) are being discussed. An identity card may refer to a document managed by a state authority and capable of authenticating a user (eg, proof of identity), such as an identification card, a driver's license, and/or a passport.

For example, an identification card to prove identification information exists in the form of a plastic card and may need to be carried at all times. Recently, as various real cards are replaced in mobile devices, such as payment services using electronic devices, there is an increasing demand for identification cards that can prove the user's identity to be stored and used in electronic devices. According to an embodiment, the user can store the user's driver's license in an electronic device and show the mobile driver's license using the electronic device when necessary, even if the user does not carry the current plastic driver's license.

Vehicles are evolving not only to improve performance as a means of transportation, but also to improve various functions related to driver's safe driving. For example, development of an advanced driver assistance system (ADAS) or an autonomous vehicle is being actively conducted. For example, a vehicle may obtain various information from the outside through a wireless communication module, process the obtained information, support safe driving of a driver, and provide information to enable autonomous driving.

In various embodiments, driver identification information is authenticated when controlling a vehicle by matching driver identification information to a digital key stored in an electronic device instead of a physical key of the vehicle, and vehicle control (eg, door opening) is performed only by the authenticated driver. , start-up, autonomous driving) can be disclosed with respect to a method and device for allowing.

An electronic device according to various embodiments of the present disclosure includes a communication module, a memory, and a processor operatively connected to at least one of the communication module and the memory, wherein the processor determines when the electronic device is connected to a vehicle. Transmits the mobile ID information stored in the memory to the vehicle through the communication module, receives vehicle information from the vehicle, generates a digital key of the vehicle based on the vehicle information or the mobile ID information, and generates the transmits the signed digital key to the vehicle, receives the digital key signed by the vehicle and driver identification information from the vehicle, and stores the signed digital key and driver identification information in the memory.

An electronic device included in a vehicle according to various embodiments of the present disclosure includes a communication module, a memory, and a processor operatively connected to at least one of the communication module and the memory, the processor comprising: the electronic device When connected to a first external device, first mobile identification information is received from the first external device through the communication module, and vehicle information of the vehicle stored in the memory is converted into the first external device by authenticating the first mobile identification information. transmits to an external device, receives a first digital key from the first external device, authenticates the first digital key, signs the first digital key based on authentication of the first digital key, and First driver identification information corresponding to mobile identification information may be generated, and the signed first digital key and the first driver identification information may be transmitted to the first external device.

An operating method of an electronic device according to various embodiments of the present disclosure includes, when the electronic device is connected to a vehicle through a communication module, transmitting mobile ID information stored in a memory of the electronic device to the vehicle, and from the vehicle to the vehicle. An operation of receiving information, an operation of generating a digital key of the vehicle based on the vehicle information or the mobile identification information, an operation of transmitting the generated digital key to the vehicle, a digital key signed by the vehicle and the driver An operation of receiving identification information from the vehicle, and an operation of storing the signed digital key and the driver identification information in the memory.

According to various embodiments, personal identification can be strengthened by combining user's identity information with a biometric authentication-based digital key by strengthening driver authentication, security, and safety necessary for controlling an autonomous vehicle, and functions and A variety of application services can be provided.

According to various embodiments, user authentication and safety may be enhanced by permitting control of the vehicle when the validity of the driver's driver's license information is confirmed, as opposed to authenticating the digital key of the vehicle based on ownership.

According to various embodiments, when an accident occurs during autonomous driving, a data log stored in a vehicle can be automatically transferred to an electronic device, and based on settings of the electronic device or user confirmation, an insurance account linked to the user. Data log signed with a digital key can be delivered, so it can be usefully used as a technical basis for accident cause analysis and accident handling.

According to various embodiments, guidance from the current location of an electronic device to a vehicle is possible through remote control of a digital key using short-range wireless communication (eg, UWB, BLE), and a fee (parking fee) is linked to a user's account. , tolls, etc.) can be automatically settled.

According to various embodiments, by setting a departure point and a destination through a navigation application and issuing a digital key of a vehicle to an electronic device of another user (eg, a friend or a substitute driver), the digital key of another user and driver information are confirmed. Autonomous driving can be selectively allowed only in the case of

According to various embodiments, the validity of a user's driver's license may be checked through an application of a shared car or car rental service, and if the driver's license is valid, the user's driver's license and digital key may be issued to the user's mother electronic device.

According to various embodiments, when the driver's driver's license and digital key all match, the sharing car or rental car may be controlled (eg, door opening, starting, remote control, autonomous driving).

1 is a block diagram of an electronic device in a network environment according to various embodiments.
2A and 2B are diagrams illustrating a structure of a digital key of a vehicle stored in an electronic device according to various embodiments.
3A to 3C are diagrams illustrating an example of storing a digital key of a vehicle in an electronic device according to various embodiments.
4 is a diagram illustrating a mobile identification service system according to various embodiments.
5 is a block diagram illustrating a system of a vehicle according to various embodiments.
6 is a flowchart illustrating a method of issuing a digital key linked to a mobile identification card by linking an electronic device and a vehicle according to various embodiments.
7 is a flowchart illustrating a method of issuing a digital key linked to a mobile identification card in an electronic device according to various embodiments.
8 is a flowchart illustrating a method of issuing a digital key linked to a mobile identification card in a vehicle according to various embodiments.
9 is a flowchart illustrating a method of controlling a vehicle by authenticating a digital key associated with a mobile identification card according to various embodiments.
10 is a flowchart illustrating a method of controlling a vehicle using a digital key in an electronic device according to various embodiments.
11 is a flowchart illustrating a method of permitting vehicle control by authenticating a digital key in a vehicle according to various embodiments.
12 is a flow diagram illustrating a method of sharing a digital key according to various embodiments.
13 is a flowchart illustrating a method of sharing a digital key in a first electronic device according to various embodiments.
14 is another flowchart illustrating a method of sharing a digital key in a second electronic device according to various embodiments.

1 is a block diagram of an electronic device 101 in a network environment 100 according to various embodiments.

Referring to FIG. 1 , in a network environment 100, an electronic device 101 communicates with an electronic device 102 through a first network 198 (eg, a short-range wireless communication network) or through a second network 199. It may communicate with at least one of the electronic device 104 or the server 108 through (eg, a long-distance wireless communication network). According to one embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108 . According to an embodiment, the electronic device 101 includes a processor 120, a memory 130, an input module 150, an audio output module 155, a display module 160, an audio module 170, a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera module 180, power management module 188, battery 189, communication module 190, subscriber identification module 196 , or the antenna module 197 may be included. In some embodiments, in the electronic device 101, at least one of these components (eg, the connection terminal 178) may be omitted or one or more other components may be added. In some embodiments, some of these components (eg, sensor module 176, camera module 180, or antenna module 197) are integrated into a single component (eg, display module 160). It can be.

The processor 120, for example, executes software (eg, the program 140) to cause at least one other component (eg, hardware or software component) of the electronic device 101 connected to the processor 120. It can control and perform various data processing or calculations. According to one embodiment, as at least part of data processing or operation, the processor 120 transfers instructions or data received from other components (e.g., sensor module 176 or communication module 190) to volatile memory 132. , processing commands or data stored in the volatile memory 132 , and storing resultant data in the non-volatile memory 134 . According to one embodiment, the processor 120 may include a main processor 121 (eg, a central processing unit or an application processor) or a secondary processor 123 (eg, a graphic processing unit, a neural network processing unit ( NPU: neural processing unit (NPU), image signal processor, sensor hub processor, or communication processor). For example, when the electronic device 101 includes the main processor 121 and the auxiliary processor 123, the auxiliary processor 123 may use less power than the main processor 121 or be set to be specialized for a designated function. can The secondary processor 123 may be implemented separately from or as part of the main processor 121 .

The secondary processor 123 may, for example, take the place of the main processor 121 while the main processor 121 is in an inactive (eg, sleep) state, or the main processor 121 is active (eg, running an application). ) state, together with the main processor 121, at least one of the components of the electronic device 101 (eg, the display module 160, the sensor module 176, or the communication module 190) It is possible to control at least some of the related functions or states. According to one embodiment, the auxiliary processor 123 (eg, image signal processor or communication processor) may be implemented as part of other functionally related components (eg, camera module 180 or communication module 190). there is. According to an embodiment, the auxiliary processor 123 (eg, a neural network processing device) may include a hardware structure specialized for processing an artificial intelligence model. AI models can be created through machine learning. Such learning may be performed, for example, in the electronic device 101 itself where the artificial intelligence model is performed, or may be performed through a separate server (eg, the server 108). The learning algorithm may include, for example, supervised learning, unsupervised learning, semi-supervised learning or reinforcement learning, but in the above example Not limited. The artificial intelligence model may include a plurality of artificial neural network layers. Artificial neural networks include deep neural networks (DNNs), convolutional neural networks (CNNs), recurrent neural networks (RNNs), restricted boltzmann machines (RBMs), deep belief networks (DBNs), bidirectional recurrent deep neural networks (BRDNNs), It may be one of deep Q-networks or a combination of two or more of the foregoing, but is not limited to the foregoing examples. The artificial intelligence model may include, in addition or alternatively, software structures in addition to hardware structures.

The memory 130 may store various data used by at least one component (eg, the processor 120 or the sensor module 176) of the electronic device 101 . The data may include, for example, input data or output data for software (eg, program 140) and commands related thereto. The memory 130 may include volatile memory 132 or non-volatile memory 134 .

The program 140 may be stored as software in the memory 130 and may include, for example, an operating system 142 , middleware 144 , or an application 146 .

The input module 150 may receive a command or data to be used by a component (eg, the processor 120) of the electronic device 101 from the outside of the electronic device 101 (eg, a user). The input module 150 may include, for example, a microphone, a mouse, a keyboard, a key (eg, a button), or a digital pen (eg, a stylus pen).

The sound output module 155 may output sound signals to the outside of the electronic device 101 . The sound output module 155 may include, for example, a speaker or a receiver. The speaker can be used for general purposes such as multimedia playback or recording playback. A receiver may be used to receive an incoming call. According to one embodiment, the receiver may be implemented separately from the speaker or as part of it.

The display module 160 may visually provide information to the outside of the electronic device 101 (eg, a user). The display module 160 may include, for example, a display, a hologram device, or a projector and a control circuit for controlling the device. According to one embodiment, the display module 160 may include a touch sensor set to detect a touch or a pressure sensor set to measure the intensity of force generated by the touch.

The audio module 170 may convert sound into an electrical signal or vice versa. According to one embodiment, the audio module 170 acquires sound through the input module 150, the sound output module 155, or an external electronic device connected directly or wirelessly to the electronic device 101 (eg: Sound may be output through the electronic device 102 (eg, a speaker or a headphone).

The sensor module 176 detects an operating state (eg, power or temperature) of the electronic device 101 or an external environmental state (eg, a user state), and generates an electrical signal or data value corresponding to the detected state. can do. According to one embodiment, the sensor module 176 may include, for example, a gesture sensor, a gyro sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a bio sensor, It may include a temperature sensor, humidity sensor, or light sensor.

The interface 177 may support one or more designated protocols that may be used to directly or wirelessly connect the electronic device 101 to an external electronic device (eg, the electronic device 102). According to one embodiment, the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.

The connection terminal 178 may include a connector through which the electronic device 101 may be physically connected to an external electronic device (eg, the electronic device 102). According to one embodiment, the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).

The haptic module 179 may convert electrical signals into mechanical stimuli (eg, vibration or motion) or electrical stimuli that a user may perceive through tactile or kinesthetic senses. According to one embodiment, the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.

The camera module 180 may capture still images and moving images. According to one embodiment, the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.

The power management module 188 may manage power supplied to the electronic device 101 . According to one embodiment, the power management module 188 may be implemented as at least part of a power management integrated circuit (PMIC), for example.

The battery 189 may supply power to at least one component of the electronic device 101 . According to one embodiment, the battery 189 may include, for example, a non-rechargeable primary cell, a rechargeable secondary cell, or a fuel cell.

The communication module 190 is a direct (eg, wired) communication channel or a wireless communication channel between the electronic device 101 and an external electronic device (eg, the electronic device 102, the electronic device 104, or the server 108). Establishment and communication through the established communication channel may be supported. The communication module 190 may include one or more communication processors that operate independently of the processor 120 (eg, an application processor) and support direct (eg, wired) communication or wireless communication. According to one embodiment, the communication module 190 is a wireless communication module 192 (eg, a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (eg, : a local area network (LAN) communication module or a power line communication module). Among these communication modules, a corresponding communication module is a first network 198 (eg, a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (eg, a legacy communication module). It may communicate with the external electronic device 104 through a cellular network, a 5G network, a next-generation communication network, the Internet, or a telecommunications network such as a computer network (eg, a LAN or a WAN). These various types of communication modules may be integrated as one component (eg, a single chip) or implemented as a plurality of separate components (eg, multiple chips). The wireless communication module 192 uses subscriber information (eg, International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 within a communication network such as the first network 198 or the second network 199. The electronic device 101 may be identified or authenticated.

The wireless communication module 192 may support a 5G network after a 4G network and a next-generation communication technology, for example, NR access technology (new radio access technology). NR access technologies include high-speed transmission of high-capacity data (enhanced mobile broadband (eMBB)), minimization of terminal power and access of multiple terminals (massive machine type communications (mMTC)), or high reliability and low latency (ultra-reliable and low latency (URLLC)). -latency communications)) can be supported. The wireless communication module 192 may support a high frequency band (eg, mmWave band) to achieve a high data rate, for example. The wireless communication module 192 uses various technologies for securing performance in a high frequency band, such as beamforming, massive multiple-input and multiple-output (MIMO), and full-dimensional multiplexing. Technologies such as input/output (FD-MIMO: full dimensional MIMO), array antenna, analog beam-forming, or large scale antenna may be supported. The wireless communication module 192 may support various requirements defined for the electronic device 101, an external electronic device (eg, the electronic device 104), or a network system (eg, the second network 199). According to one embodiment, the wireless communication module 192 is a peak data rate for eMBB realization (eg, 20 Gbps or more), a loss coverage for mMTC realization (eg, 164 dB or less), or a U-plane latency for URLLC realization (eg, Example: downlink (DL) and uplink (UL) each of 0.5 ms or less, or round trip 1 ms or less) may be supported.

The antenna module 197 may transmit or receive signals or power to the outside (eg, an external electronic device). According to one embodiment, the antenna module 197 may include an antenna including a radiator formed of a conductor or a conductive pattern formed on a substrate (eg, PCB). According to one embodiment, the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is selected from the plurality of antennas by the communication module 190, for example. can be chosen A signal or power may be transmitted or received between the communication module 190 and an external electronic device through the selected at least one antenna. According to some embodiments, other components (eg, a radio frequency integrated circuit (RFIC)) may be additionally formed as a part of the antenna module 197 in addition to the radiator.

According to various embodiments, the antenna module 197 may form a mmWave antenna module. According to one embodiment, the mmWave antenna module includes a printed circuit board, an RFIC disposed on or adjacent to a first surface (eg, a lower surface) of the printed circuit board and capable of supporting a designated high frequency band (eg, mmWave band); and a plurality of antennas (eg, array antennas) disposed on or adjacent to a second surface (eg, a top surface or a side surface) of the printed circuit board and capable of transmitting or receiving signals of the designated high frequency band. can do.

At least some of the components are connected to each other through a communication method between peripheral devices (eg, a bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)) and signal ( e.g. commands or data) can be exchanged with each other.

According to an embodiment, commands or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199 . Each of the external electronic devices 102 or 104 may be the same as or different from the electronic device 101 . According to an embodiment, all or part of operations executed in the electronic device 101 may be executed in one or more external electronic devices among the external electronic devices 102 , 104 , or 108 . For example, when the electronic device 101 needs to perform a certain function or service automatically or in response to a request from a user or another device, the electronic device 101 instead of executing the function or service by itself. Alternatively or additionally, one or more external electronic devices may be requested to perform the function or at least part of the service. One or more external electronic devices receiving the request may execute at least a part of the requested function or service or an additional function or service related to the request, and deliver the execution result to the electronic device 101 . The electronic device 101 may provide the result as at least part of a response to the request as it is or additionally processed. To this end, for example, cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology may be used. The electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing. In another embodiment, the external electronic device 104 may include an internet of things (IoT) device. Server 108 may be an intelligent server using machine learning and/or neural networks. According to one embodiment, the external electronic device 104 or server 108 may be included in the second network 199 . The electronic device 101 may be applied to intelligent services (eg, smart home, smart city, smart car, or health care) based on 5G communication technology and IoT-related technology.

Electronic devices according to various embodiments disclosed in this document may be devices of various types. The electronic device may include, for example, a portable communication device (eg, a smart phone), a computer device, a portable multimedia device, a portable medical device, a camera, a wearable device, or a home appliance. An electronic device according to an embodiment of the present document is not limited to the aforementioned devices.

Various embodiments of this document and terms used therein are not intended to limit the technical features described in this document to specific embodiments, but should be understood to include various modifications, equivalents, or substitutes of the embodiments. In connection with the description of the drawings, like reference numbers may be used for like or related elements. The singular form of a noun corresponding to an item may include one item or a plurality of items, unless the relevant context clearly dictates otherwise. In this document, "A or B", "at least one of A and B", "at least one of A or B", "A, B or C", "at least one of A, B and C", and "A Each of the phrases such as "at least one of , B, or C" may include any one of the items listed together in that phrase, or all possible combinations thereof. Terms such as "first", "second", or "first" or "secondary" may simply be used to distinguish that component from other corresponding components, and may refer to that component in other respects (eg, importance or order) is not limited. A (eg, first) component is said to be "coupled" or "connected" to another (eg, second) component, with or without the terms "functionally" or "communicatively." When mentioned, it means that the certain component may be connected to the other component directly (eg by wire), wirelessly, or through a third component.

The term "module" used in various embodiments of this document may include a unit implemented in hardware, software, or firmware, and is interchangeable with terms such as, for example, logic, logical blocks, parts, or circuits. can be used as A module may be an integrally constructed component or a minimal unit of components or a portion thereof that performs one or more functions. For example, according to one embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).

Various embodiments of this document provide one or more instructions stored in a storage medium (eg, internal memory 136 or external memory 138) readable by a machine (eg, electronic device 101). It may be implemented as software (eg, the program 140) including them. For example, a processor (eg, the processor 120 ) of a device (eg, the electronic device 101 ) may call at least one command among one or more instructions stored from a storage medium and execute it. This enables the device to be operated to perform at least one function according to the at least one command invoked. The one or more instructions may include code generated by a compiler or code executable by an interpreter. The device-readable storage medium may be provided in the form of a non-transitory storage medium. Here, 'non-temporary' only means that the storage medium is a tangible device and does not contain a signal (e.g. electromagnetic wave), and this term refers to the case where data is stored semi-permanently in the storage medium. It does not discriminate when it is temporarily stored.

According to one embodiment, the method according to various embodiments disclosed in this document may be included and provided in a computer program product. Computer program products may be traded between sellers and buyers as commodities. A computer program product is distributed in the form of a device-readable storage medium (eg compact disc read only memory (CD-ROM)), or through an application store (eg Play Store ^TM ) or on two user devices ( It can be distributed (eg downloaded or uploaded) online, directly between smart phones. In the case of online distribution, at least part of the computer program product may be temporarily stored or temporarily created in a device-readable storage medium such as a manufacturer's server, an application store server, or a relay server's memory.

According to various embodiments, each component (eg, module or program) of the above-described components may include a single object or a plurality of entities, and some of the plurality of entities may be separately disposed in other components. there is. According to various embodiments, one or more components or operations among the aforementioned corresponding components may be omitted, or one or more other components or operations may be added. Alternatively or additionally, a plurality of components (eg modules or programs) may be integrated into a single component. In this case, the integrated component may perform one or more functions of each of the plurality of components identically or similarly to those performed by a corresponding component of the plurality of components prior to the integration. . According to various embodiments, the actions performed by a module, program, or other component are executed sequentially, in parallel, iteratively, or heuristically, or one or more of the actions are executed in a different order, or omitted. or one or more other actions may be added.

2A illustrates a network environment in which a digital key of a vehicle is issued and shared in an electronic device according to various embodiments.

Referring to FIG. 2A, the digital key system includes a vehicle 201, a vehicle server 230 (eg, the server 108 of FIG. 1), a first electronic device (eg, the electronic device 101 of FIG. 1, hereinafter, Among the first electronic device 101), the first electronic device server 250, the second electronic device 203 (eg, the electronic device 102 of FIG. 1), and the second electronic device server 210 may contain at least one. The first electronic device 101 may refer to an electronic device of an owner who owns a vehicle key of the vehicle 201 (hereinafter referred to as 'user' or 'first user'). The second electronic device 203 may refer to an electronic device of another user (hereinafter referred to as a 'second user') that shares a vehicle key of the vehicle 201 with the first electronic device 101 .

The vehicle server 230 may issue a certificate required for digital key issuance to the vehicle 201 . The vehicle server 230 may be connected to the first electronic device server 250 or the second electronic device server 210 . The vehicle server 230 relays communication between the first electronic device server 250 and the second electronic device server 210 when the first electronic device 101 shares the vehicle key with the second electronic device 203. can do. The vehicle server 230 provides key sharing information (eg, information on the second digital key issued to the second electronic device 203) to the vehicle 201, and provides information about vehicle 201 control to a database. can manage

The first electronic device server 250 may issue a certificate necessary for issuing a digital key to the first electronic device 101 . The first electronic device server 250 may be connected to the vehicle server 230 . When the first electronic device 101 shares a vehicle key with the second electronic device 203, the first electronic device server 250 may remotely perform a key sharing operation in conjunction with the vehicle server 230. .

The second electronic device server 210 may issue a certificate required for digital key issuance to the second electronic device 203 . The second electronic device server 210 may be connected to the vehicle server 230 . When the first electronic device 101 shares a vehicle key with the second electronic device 203, the second electronic device server 210 may remotely perform a key sharing operation in conjunction with the vehicle server 230. .

Hereinafter, a digital key issuing operation will be described.

The owner of the vehicle 201 owns a vehicle key (eg, a real vehicle key) of the vehicle 201 and can request issuance of a digital key by boarding the vehicle 201 . The vehicle 201 uses a communication module (eg, the communication module 530 of FIG. 5 ) or a sensor module (eg, the sensor module 590 of FIG. 5 ) to use a real vehicle key corresponding to the vehicle 201 (eg, the sensor module 590 of FIG. 5 ). smart key). The vehicle 201 may recognize the actual vehicle key and receive a digital key issuance request through at least one of a menu displayed through a display (eg, the display 510 of FIG. 5 ), a set button, or a set voice recognition. there is. The process for issuing the digital key may follow the specifications defined in Car Connectivity Consortium (CCC) as owner pairing. Hereinafter, information exchange (eg, transmission or reception) between the vehicle 201 and the first electronic device 101 may be performed by an encrypted protocol.

For better understanding of the present invention, the vehicle 201 connects encrypted communication with the first electronic device 101 in response to the request for issuance of the digital key, and requests a mobile ID to the first electronic device 101. can Since the mobile ID is related to the first user of the first electronic device 101, it may be referred to as a first mobile ID. The vehicle 201 may receive (or obtain) the first mobile identification card from the first electronic device 101 according to the request.

The first mobile ID (or the mobile ID information) according to various embodiments may include mobile ID signature information (eg, issuer signed item) and mobile security object (MSO) information. The mobile ID signature information may include at least one of a digest ID, a random value, an element identifier of a mobile ID, and an element value of a mobile ID. The digest ID may mean an identifier for authenticating a mobile ID from an issuing authority (eg, the server 401 of FIG. 4 ). The random value may be a value for encrypting the information identifier of the mobile ID. The information identifier of the mobile ID is a name, date of birth, issuance date, expiration date (or expiration date), issuing agency, ID identification number (eg, resident registration number, driver's license number, etc.) corresponding to the first user, or a photo ( Example: face picture). The information value of the mobile ID may include a value for an identifier of the mobile ID.

The MSO information may include hash values of values included in the mobile ID signature information. The MSO information may be issued after being signed with a private key of an issuing authority (eg, the server 401 of FIG. 4 ). The MSO information may include at least one of an MSO version, a hash algorithm version, a digest value, device information, a doctype, and validity information. The hash algorithm version may be a hashed version of the mobile ID signature information. The hash algorithm version may be one of SHA256, SHA384, and SHA512 algorithms. The device information may be information about an electronic device that stores the mobile ID signature information. The digest value may be a hash value of the mobile ID signature information. The digest value may be a value obtained by hashing a digest ID, a random value, an information identifier of a mobile ID, or an information value of a mobile ID using the hash algorithm version.

The vehicle 201 may authenticate the obtained first mobile driver's license (mDL) information, and transmit the vehicle information to the first electronic device 101 when the authentication is completed. Authentication of the mobile ID may be performed according to standard specifications defined by ISO (eg, ISO 18013-5). Authentication of the mobile ID may be performed in a device-based mode (eg, device data retrieval mode) or a server-based mode (eg, server data retrieval mode), but when the digital key is issued in the first electronic device 101, the mobile identification It can be performed in a device-based mode for use. Authentication of the mobile ID will be described in detail with reference to FIG. 4 below.

According to various embodiments, the vehicle 201 may further receive device information of the first electronic device 101 . The device information of the first electronic device 101 may include at least one of a phone number, a serial number, a model name, or a type of the first electronic device 101 . The vehicle 201 authenticates the device information of the first electronic device 101 along with the authentication of the mobile ID card, and transmits the vehicle information to the first electronic device 101 when the authentication of the mobile ID card and the device information is completed. can

Since the digital key to replace the real vehicle key should include vehicle information, the vehicle 201 may transmit the vehicle information. The vehicle information may include at least one of a vehicle name, vehicle type, vehicle serial number (or vehicle identification number), vehicle release date (or production date), or vehicle production country. When transmitting the vehicle information, the vehicle 201 may include and transmit the first mobile ID information in the vehicle information. The first mobile identification information may be the same as information included in the first mobile identification card or may include only part of information included in the first mobile identification card. For example, the first mobile ID information may include a digest ID or digest of a first ID identification number (or a name corresponding to the first user) included in the first mobile ID. The data (or items) included in the vehicle information or the first mobile identification information are listed to help understanding of the invention, and may be less or more than described. For example, the vehicle 201 may include the first mobile ID information in configuration information (eg, endpoint configuration data) of the vehicle information and transmit the information to the first electronic device 101 .

The first electronic device 101 may receive vehicle information including the first mobile ID information from the vehicle 201 . The first electronic device 101 transmits the first mobile ID information included in the received vehicle information to the first mobile ID information (eg, the vehicle 201) stored in a memory (eg, the memory 130 of FIG. 1 ). It is determined whether it corresponds to one mobile ID information), and if they match, a digital key (eg, an encryption key pair) can be generated. Since the digital key is issued to the first electronic device 101, it may be referred to as a 'first digital key' hereinafter. For example, the first electronic device 101 may check whether the digest ID or digest of the ID identification number of the first mobile ID information included in the vehicle information matches MSO information stored in the memory 130 . Since the MSO information is a hashed value of mobile ID information (eg, mobile ID signature information), the first electronic device 101 hashes the digest ID or digest of the ID identification number to determine whether it matches the digest value of the MSO. can do.

If authentication of the first mobile ID information included in the vehicle information is successful, the first electronic device 101 may generate the first digital key based on the vehicle information or the first mobile ID information. The first electronic device 101 may generate the first digital key using a certificate issued by the first electronic device server 250 . The first digital key may include the vehicle information or the first mobile ID information.

According to various embodiments, the first electronic device 101 further provides device information (eg, phone number, serial number, model name or type of the first electronic device 101, etc.) of the first electronic device 101. The first digital key may also be generated by using. In this case, the first digital key may further include device information of the first electronic device 101 as well as the vehicle information or the first mobile ID information. Since the first digital key cannot be moved to another device, when a user replaces an electronic device (eg, a new electronic device), a new digital key can be issued. When the first mobile ID information included in the vehicle information does not match the first mobile ID information stored in the memory 130, the first electronic device 101 does not generate a digital key or requests the vehicle information again. Alternatively, the mobile ID information can be downloaded again from the issuing authority. The first electronic device 101 may transmit the generated digital key to the vehicle 201 .

The vehicle 201 receives the first digital key, determines whether the first mobile identification information included in the first digital key corresponds to the first mobile identification information included in the vehicle information, and if they match, the The first digital key can be signed with the private key of the vehicle 201 . The vehicle 201 may store a vehicle key including a private key and a public key of the vehicle in a memory of the vehicle 201 . In addition, the vehicle 201 may generate driver identification information by signing the first mobile identification information with a private key of the vehicle 201 . Since the driver identification information corresponds to the first electronic device 101, it may be referred to as 'first driver identification information' hereinafter. The generated first driver identification information may include the first mobile ID information or may correspond to the first mobile ID information. The vehicle 201 may bind (or match) the first driver identification information to the signed first digital key and store it in a memory (eg, the memory 570 of FIG. 5 ).

When control of the vehicle 201 (eg, door opening, ignition, autonomous driving) is requested (or attempted) from the first electronic device 101, the vehicle 201 identifies the first digital key or the first driver. Control of the vehicle 201 by the first electronic device 101 may be permitted or disallowed by authenticating the information. The vehicle 201 may transmit the first digital key signed with the private key of the vehicle 201 or the generated first driver identification information to the first electronic device 101 .

The first electronic device 101 may receive the first digital key signed with the private key of the vehicle 201 or the first driver identification information from the vehicle 201 . The first electronic device 101 may bind (or match) the first driver identification information to the signed first digital key and store it in a memory (eg, the memory 130 of FIG. 1 ). For example, the first electronic device 101 may store the signed first digital key or the first driver identification information in a private mailbox of a digital key applet. Since the first digital key received from the vehicle 201 is signed with the private key of the vehicle 201, it may be different from the first digital key transmitted to the vehicle 201.

In the following, the digital key sharing operation is explained.

When digital key sharing is requested from the second electronic device 203 , the first electronic device 101 can authenticate the mobile ID information of the second electronic device 203 . When sharing the digital key, the first electronic device 101 is the electronic device (or system) of the car rental company or the user's electronic device, and the second electronic device 203 is the car rental company or the second user who rents a car from the user ( e.g. consumers, family members, acquaintances, etc.). Since the mobile ID information of the second electronic device 203 corresponds to the second electronic device 203, it may be referred to as 'second mobile ID information' hereinafter. The first electronic device 101 may receive second mobile ID information from the second electronic device 203 .

The first electronic device 101 authenticates the second mobile ID information, and when the authentication of the second mobile ID information is completed, it can transmit vehicle information of the vehicle 201 to the second electronic device 203 . Authentication of the second mobile ID information is the same as authentication of the first mobile ID information, so detailed descriptions can be omitted. Since the first digital key stored in the memory 130 of the first electronic device 101 is generated based on the vehicle information of the vehicle 201, the first electronic device 101 uses the first digital key to obtain the vehicle 201 ) can identify (or obtain) vehicle information. When digital key sharing is requested from the second electronic device 203, the first electronic device 101 may transmit vehicle information of the vehicle 201 instead of the vehicle 201. Alternatively, the vehicle server 230 may transmit the vehicle information to the second electronic device 203 at the request of the first electronic device 101 . According to various embodiments, the first electronic device 101 may transmit the vehicle information with or without including the second mobile ID information.

The second electronic device 203 may receive the vehicle information and generate a digital key based on the vehicle information. Since the digital key corresponds to the second electronic device 203, it may be referred to as a 'second digital key' hereinafter. The second electronic device 203 may generate the second digital key based on a certificate issued by the second electronic device server 210 . According to various embodiments, the second electronic device 203 may generate the second digital key based on the vehicle information and the second mobile ID information. The second digital key may include the vehicle information and the second mobile ID information.

According to various embodiments, the second electronic device 203 determines whether the second mobile ID information included in the vehicle information corresponds to the second mobile ID information stored in the memory, and if they match, the vehicle information It is possible to generate the second digital key based on. The second electronic device 203 may transmit the generated second digital key to the first electronic device 101 .

According to various embodiments, the second electronic device 203 further provides device information (eg, phone number, serial number, model name or type of the second electronic device 203, etc.) of the second electronic device 203. The second digital key may also be generated by using. In this case, the second digital key may further include device information of the second electronic device 203 as well as the vehicle information or the second mobile ID information.

The first electronic device 101 may receive the second digital key from the second electronic device 203 and generate second driver identification information signed by the first digital key with the received second digital key. there is. The first digital key may be a digital key of the first electronic device 101 . The second driver identification information may include second mobile ID information of the second electronic device 203 . The first electronic device 101 binds the second driver identification information (eg, Digest ID and Digest corresponding to the driver identification number to arbitrary_data of Authorized Endpoint Attestation data field) to the signed second digital key and stores it in a memory. can The first electronic device 101 can sign the second digital key with the first digital key stored in the memory. The first electronic device 101 may transmit the signed second digital key or the second driver identification information to the second electronic device 203 .

According to various embodiments, the signed second digital key or the second driver identification information may be transmitted to the vehicle 201 through the vehicle server 230 . The vehicle 201 may store the signed second digital key or the second driver identification information. When control of the vehicle 201 (eg, door opening, ignition, autonomous driving) is requested (or attempted) from the second electronic device 203, the vehicle 201 identifies the second digital key or the second driver. Control of the vehicle 201 by the second electronic device 203 may be permitted or disallowed by authenticating the information.

The first electronic device 101 can check vehicle information included in the second digital key. Since the vehicle information is included in the second digital key, it may be determined whether the vehicle information corresponds to the vehicle information transmitted from the first electronic device 101 . When vehicle information included in the second digital key corresponds to vehicle information transmitted from the first electronic device 101, the first electronic device 101 assigns the first digital key to the received second digital key. you can sign The first electronic device 101 may transmit the signed second digital key or the second driver identification information to the second electronic device 203 .

The second electronic device 203 may receive the signed second digital key or second driver identification information from the first electronic device 101 and store it in a memory. The second electronic device 203 may store the signed second digital key or the second driver identification information in a personal mailbox of the digital key applet. Since the second digital key received from the first electronic device 101 is signed with the first digital key of the first electronic device 101, it may be different from the second digital key transmitted to the first electronic device 101. there is.

2B illustrates a certificate chain structure of a digital key of a vehicle according to various embodiments.

Referring to FIG. 2B , the first electronic device server 250 (or the second electronic device server 210) may include and operate an electronic device CA 255 (certificate authority). The vehicle server 230 may include and operate the vehicle CA 235 . The CA may play a role of guaranteeing a server to which the first electronic device 101 (or the second electronic device 203) or the vehicle 201 has access. The electronic device CA 255 and the vehicle CA 235 may cross-certify each CA to verify a certificate chain between the electronic device manufacturer and the vehicle manufacturer.

The electronic device CA 255 may issue an instance CA for each vehicle to the first electronic device 101 (or the second electronic device 203). The first electronic device 101 may issue a digital key through owner pairing with the vehicle 201 . Upon owner pairing, the electronic device and the vehicle may exchange instance CAs of the electronic device and CAs of the vehicle. Owner pairing may follow the specifications defined in CCC. For example, the electronic device CA 255 issues a first instance CA (instance CA 1, 261) corresponding to a first automobile company, and issues a second instance CA (instance CA 2, 262) corresponding to a second automobile company. ), and may issue a third instance CA (instance CA 3, 263) in response to the third automobile company.

For example, when the user of the first electronic device 101 owns a vehicle of a first automobile company, the first electronic device 101 receives a first instance CA 261 issued, and the first instance CA 261 ), a first digital key (digital key 1, 271) or a second digital key (digital key 2, 272) may be generated. Alternatively, when the user of the first electronic device 101 owns a vehicle of a second automobile company, the first electronic device 101 obtains the second instance CA 262 and uses the second instance CA 262 Based on this, a third digital key (digital key 3, 273) can be generated. When the user of the first electronic device 101 owns a vehicle of a third automobile company, the first electronic device 101 obtains the third instance CA 263, and based on the third instance CA 263, A fourth digital key (digital key 4, 274) can be generated.

The vehicle CA 235 may issue a CA (eg, an intermediate CA) for each country according to a vehicle manufacturer's policy, and may issue a certificate for a vehicle key to each vehicle. For example, vehicle CA 235 may issue intermediate CA 1 281 and intermediate CA 2 282 , and may cause vehicle key 283 to be issued based on intermediate CA 1 281 . The vehicle key 283 may include a private key and a public key of the vehicle 201 as a key pair.

Verification of digital keys (eg, the first digital key 271 to the fourth digital key 274) may be verified through a CA certificate chain. Digital key verification may follow the specifications defined in CCC.

3A is a diagram illustrating an architecture for storing a digital key of a vehicle in an electronic device according to various embodiments.

Referring to FIG. 3A , an electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments includes a vehicle application 310, a digital key control application 315, a digital key framework 320, a digital It may include at least one of a key applet 325 and a connectivity 330 .

The vehicle application 310 or the digital key control application 315 may be an application used by the user of the electronic device 101 to control the digital key.

The digital key framework 320 is for controlling the digital key applet 325 in the electronic device 101, and connects the vehicle application 310 or the digital key control application 315 and the digital key applet 325. An application programming interface (API) can be provided.

The digital key applet 325 is stored in the secure element of the electronic device 101, and an encryption key or certificate corresponding to the digital key may be stored.

The connectivity 330 may provide communication between the electronic device 101 and a vehicle (eg, the vehicle 201 of FIG. 2A ). For example, the connectivity 330 may communicate with the vehicle 201 through at least one of Bluetooth, ultra wide band (UWB), and near field communication (NFC).

3B is a diagram illustrating an instance of a digital key applet included in an electronic device according to various embodiments.

Referring to FIG. 3B , the digital key applet 325 may include an instance therein. The digital key applet 325 may issue a certificate corresponding to an instance for each vehicle manufacturer of the vehicle 201 and store an encryption key related to the certificate. The digital key applet 325 may receive multiple digital keys for each vehicle under an instance for each vehicle manufacturer. For example, the digital key applet 325 includes a first instance 350 issued by a first vehicle manufacturer, a second instance 360 issued by a second vehicle manufacturer, and a third instance issued by a third vehicle manufacturer ( 370) may be included. Including three different instances of the digital key applet 325 could mean owning or sharing three different vehicles.

The first instance 350 may be one in which the first digital key 353 and the second digital key 355 are signed with the first instance CA (eg, the first instance CA 261 of FIG. 2B ). The second instance 360 may be one in which the third digital key 363 is signed with the second instance CA (eg, the second instance CA 262 of FIG. 2B ). The third instance 370 may be one in which the fourth digital key 373 and the fifth digital key 375 are signed with a third instance CA (eg, the third instance CA 263 of FIG. 2B ). When a plurality of digital keys are stored in one certificate, a plurality of vehicles of the same vehicle manufacturer may be owned or shared.

For example, when the owner of the first electronic device 101 owns or shares a first vehicle, the first electronic device 101 receives a first instance CA 261 corresponding to the first vehicle, and The first digital key 353 and the second digital key 355 may be stored based on the 1-instance CA 261 . For example, the first digital key 353 may be for a first vehicle of the first vehicle manufacturer, and the second digital key 355 may be for a second vehicle of the first vehicle manufacturer.

In addition, when the owner of the first electronic device 101 owns or shares a second vehicle, the first electronic device 101 receives a second instance CA 262 corresponding to the second vehicle, and the second instance CA 262 is issued. A third digital key 363 may be stored based on the CA 262 . Alternatively, when the owner of the first electronic device 101 owns or shares a third vehicle, the first electronic device 101 receives a third instance CA 263 corresponding to the third vehicle, and the third instance CA 263 is issued. Based on the CA 263, a fourth digital key 373 and a fifth digital key 375 may be stored. For example, the fourth digital key 373 may be for a third vehicle of a third vehicle manufacturer, and the fifth digital key 375 may be for a fourth vehicle of a third vehicle manufacturer.

Each digital key may include a private mailbox and a confidential mailbox. The personal mailbox may include option information or proprietary information corresponding to the issued digital key. The driver identification information of the present invention is optional information and can be stored in a personal mailbox. Depending on the vehicle manufacturer's option, the trust mailbox can store an immobilizer token that can be started only after two-factor authentication for security.

3C is a diagram illustrating a mailbox structure of a digital key applet according to various embodiments.

Referring to FIG. 3C, the second electronic device 203 includes a second digital key applet 380, and the second digital key applet 380 includes an encryption key pair 381 for a second digital key and a second personal mailbox. 382 and a second trusted mailbox 383. The digital key applet 325 included in the first electronic device 101 may include a first digital key encryption key pair 391, a first personal mailbox 392, and a first trusted mailbox 393. The memory of vehicle 101 may include an encryption key pair 395 for a digital key and data storage 397 . The encryption key pair 395 stored in the vehicle 101 is at least one of a vehicle key encryption key pair (eg, a private key and a public key), a first digital key encryption key pair 391, and a second digital key encryption key pair 381. can be included The data storage 397 may include configuration information for digital key generation, and may include, for example, driver identification information.

4 is a block diagram illustrating a mobile identification service system according to various embodiments.

Referring to FIG. 4 , the mobile ID service system 400 may include a server 401, a reader device 405, and an electronic device (eg, the electronic device 101 of FIG. 1).

According to one embodiment, an identification card is a document managed by a state authority and capable of authenticating a user (eg, identification), such as an identification card, a driver's license, and/or a passport ( or real name verification certificate). According to an embodiment, the mobile ID or mobile ID service may include a service for using a physical ID through the electronic device 101 .

The server 401 may include, for example, a server of an issuing authority (IA) of a mobile ID. According to an embodiment, the server 401 may store and manage identification information of a physical identification card. For example, identification information corresponding to a driver's license obtained by a user (eg, a license holder) may be stored. According to one embodiment, the identification information may include, for example, user's personal information such as user name, ID photo (eg, face image), date of birth, and/or gender, user's signature, identification number (eg, license number). ), issuing authority, and/or identification information related to the user's acquired ID, such as the renewal period. For example, when a user of the electronic device 101 acquires a driver's license, identification information of the driver's license obtained by the user and personal information of the user may be registered in the server 401 .

The reader device 405 is a device of a verifier (eg, a user's identity verifier, eg, a police officer or a seller in a store), obtains at least some information included in the mobile identification card from the electronic device 101, and It may include a device for verifying the user's identity based on the identification card.

The electronic device 101 wirelessly communicates with the server 401 through a first network (eg, a Wi-Fi network and/or a cellular network), and uses a second network (eg, an out of band (OOB) network) as a reader device ( 405) and various types of devices including a function of providing data related to the mobile identification to the server 401 and/or the reader device 405. For example, the electronic device 101 may include a mobile device such as a smart phone, a tablet PC (personal computer), and/or a wearable device.

The electronic device 101 receives a mobile ID card issued from the server 401 in the mobile ID system, stores it in a secure area (eg, TA and/or eSE), and uses the mobile ID card in a usage environment (eg, device-based mode or server-based mode). ), it may indicate a holder that provides (eg, displays or transmits) at least some information of the mobile ID. According to some embodiments, the security area may be a space (or area) included in a partial area of a memory (eg, the memory 130 of FIG. 1 ) or may be a separate chip physically separated from the memory 130. One embodiment According to an example, the electronic device 101 may verify whether the identity information for the mobile identification card matches while interacting with the server 401. According to an embodiment, the electronic device 101 may interact with the reader device 405 And at least some information of the mobile identification may be provided through a designated authentication protocol.

The device-based mode may represent an example of providing a mobile ID service in a state in which a mobile ID card (or mobile ID data) is directly issued from the server 401 (eg, an issuing authority). The device-based mode may be an offline mode. The operation according to the device-based mode may include, for example, a device engagement operation and a data transfer (offline) operation.

The device engagement operation may include a preliminary operation of connecting to perform data transfer between the electronic device 101 and the reader device 405 offline. For example, the electronic device 101 has a parameter value to be set with the reader device 405 for data transfer through an identification code (eg, QR code and/or barcode) or OOB (eg, NFC) communication. may be included in the device engagement data, and the reader device 405 may read the device engagement data through an identification code or an OOB communication connection. According to an embodiment, the electronic device 101 may generate an ephemeral public key and include it in device engagement data for end-to-end encrypted communication.

In the data transfer operation, the reader device 405 requests desired mobile ID data (or data elements) from the electronic device 101 offline, and the electronic device 101 transfers the requested mobile ID data from the reader device 405. It can include actions that are provided offline. According to an embodiment, the reader device 405 may request mobile ID data by generating an ephemeral key and then encrypting it with a session key, and the electronic device 101 encrypts it with the session key and ID data can be provided (e.g. end to end encrypted communication). According to an embodiment, the data transfer operation is based on OOB communication (eg, BLE, NFC, UWB, Zigbee, and/or Wi-Fi 2.4GHz communication) between the electronic device 101 and the reader device 405. can be performed by

The server-based mode may represent an example of providing a mobile ID service in a state in which the electronic device 101 does not receive a mobile ID card (or mobile ID data) from the server 401 . The operation according to the server-based mode may include, for example, a device engagement operation and a data transfer (offline) operation. The device-based mode may be an online mode. remind

The device engagement operation may include a preliminary operation for the electronic device 101 to transmit mobile ID data to the reader device 405 online. For example, the electronic device 101 may generate address information (eg, URL) and a one-time token of the server 401 and include them in device engagement data, and the reader device 405 may generate an identification code (eg, a token). : QR code and/or barcode) or OOB (e.g. NFC) communication to read device engagement data.

According to an embodiment, the data transfer operation is performed by the reader device 405 accessing the server 401 according to the address information of the server 401 included in the device engagement data of the electronic device 101, ) to the server 401 for online requesting the mobile ID data including the token received. According to an embodiment, the server 401 may check the acquired token from the reader device 405 and transmit mobile ID data requested by the reader device 405 to the reader device 405 online. Here, a communication channel for online communication between the server 401 and the reader device 405 can be protected by encrypted communication using HTTPS (hypertext transfer protocol secure).

Hereinafter, embodiments of the present disclosure may include an example of operation in a device-based mode in which the electronic device 101 operates in a state in which a mobile ID card is directly issued from the server 401 in a system structure for a mobile ID service. there is.

5 is a block diagram illustrating a system of a vehicle according to various embodiments.

Referring to FIG. 5 , the vehicle 201 system includes a display 510, a communication module 530, a processor 550, a memory 570 (eg, the memory 570 of FIG. 1), or a sensor module 590. (eg, the sensor module 176 of FIG. 1). The vehicle 201 system may further include fewer or more components (eg, an audio module, a sound output module, etc.) than those described above.

The display 510 (eg, the display module 160 of FIG. 1 ) may visually provide information to the outside of the vehicle 201 (eg, the user). The display 510 may include, for example, a display, a hologram device, or a projector and a control circuit for controlling the device. According to one embodiment, the display 510 may include a touch sensor configured to detect a touch or a pressure sensor configured to measure the intensity of force generated by the touch.

The communication module 530 (eg, the communication module 190 of FIG. 1 ) is a direct (eg, wired) communication channel between the vehicle 201 and an external electronic device (eg, the electronic device 101 or the server 108). Alternatively, it may support establishing a wireless communication channel and performing communication through the established communication channel. The communication module 530 may include one or more communication processors that operate independently of the processor 550 (eg, an application processor) and support direct (eg, wired) communication or wireless communication.

Processor 550 (eg, processor 120 of FIG. 1 ) executes software (eg, program 140 ) to perform at least one other component (eg, hardware or software component), and can perform various data processing or calculations. According to one embodiment, as at least part of data processing or calculation, processor 550 stores instructions or data received from other components (eg, display 510 or communication module 530) in memory 570. , processing commands or data stored in the volatile memory 570, and storing resultant data in the memory 570.

The processor 550 may perform owner pairing by communicating with an electronic device (eg, the electronic device 101 of FIG. 1 ). Upon owner pairing, the processor 550 may receive mobile ID information from the electronic device 101 and authenticate the received mobile ID information by performing the operation of FIG. 4 . When authentication of the mobile ID information is successfully completed, the processor 550 may transmit vehicle information stored in the memory 570 to the electronic device 101 . The processor 550 may include the authenticated mobile ID information in the vehicle information and transmit the same. The processor 550 may receive a digital key from the electronic device 101 and authenticate the received digital key.

For example, the processor 550 determines whether the mobile ID information included in the digital key corresponds to the mobile ID information included in the vehicle information, and if they match, the digital key is signed with the private key of the vehicle 201. can do. The private key of vehicle 201 may be stored in memory 570 . The processor 550 may generate driver identification information by signing (or encrypting) the mobile identification information with the private key of the vehicle 201 . The processor 550 may transmit the signed digital key and the generated driver identification information to the electronic device 101 . The processor 550 may bind (or match) the driver identification information to the signed digital key and store it in the memory memory 570 .

When the processor 550 recognizes an attempt to open the door by the digital key, it can authenticate the digital key. The processor 550 may authenticate the digital key by performing a mutual authentication protocol to determine if the digital key matches the private key of the vehicle 201 . After the digital key authentication, the processor 550 may obtain mobile ID information from the electronic device 101 and perform the operation of FIG. 4 to authenticate the mobile ID information. When authentication of the mobile ID information is successfully completed, the processor 550 may receive driver identification information from the electronic device 101 . The processor 550 may determine whether the received driver identification information is the same as driver identification information bound to the signed digital key stored in the memory 570 . Based on the determination result, the processor 550 may permit or disallow control of the vehicle 201 (eg, door opening, engine start, autonomous driving). For example, the processor 550 may permit control of the vehicle 201 when the received driver identification information is the same as the driver identification information stored in the memory 570 .

The processor 550 is a vehicle server (eg, the vehicle server 230 of FIG. 2A) or a second electronic device (eg, the electronic device 102 of FIG. 1 or the second electronic device of FIG. 2A) from the electronic device 101 ( A second digital key and second driver identification information corresponding to 203)) may be received. The processor 550 may store the second digital key and the second driver identification information in the memory 570 . The processor 550 may authenticate the second digital key and the second driver identification information when recognizing an attempt to open the door by the second digital key. The processor 550 may permit or disallow control of the vehicle 201 based on the authentication result.

The memory 570 may store various data used by at least one component of the vehicle 201 (eg, the processor 550 or the sensor module 590). Data may include, for example, input data or output data for software and related instructions. The memory 570 may include at least one of vehicle information of the vehicle 201, an encryption key pair for a vehicle key (eg, a private key, a public key), an encryption key pair for a digital key, configuration information for generating a digital key, or driver identification information. there is.

The sensor module 590 detects an operating state (eg, power or temperature) of the vehicle 201 or an external environmental state (eg, a user state), and generates an electrical signal or data value corresponding to the detected state. can According to one embodiment, the sensor module 590 may include a gesture sensor, a gyro sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a bio sensor, a temperature sensor, a humidity sensor, or an illuminance sensor. May contain sensors.

The vehicle system includes a camera tracking the driver's (or user's) gaze on the vehicle 201, a camera capturing the front of the vehicle 201, lidar, laser, radar, and an advanced driver assistance system; ADAS) and an autonomous vehicle system may be further included.

An electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments of the present disclosure includes a communication module (eg, the communication module 190 of FIG. 1 ), a memory (eg, the memory 130 of FIG. 1 ) ); (201)), transmits the mobile identification information stored in the memory to the vehicle through the communication module, receives vehicle information from the vehicle, and receives digital information of the vehicle based on the vehicle information or the mobile identification information. Generate a key, transmit the generated digital key to the vehicle, receive a digital key signed by the vehicle and driver identification information from the vehicle, and store the signed digital key and driver identification information in the memory. Can be set to save.

The processor determines whether the mobile ID information included in the vehicle information corresponds to the mobile ID information stored in the memory, and if the mobile ID information included in the vehicle information corresponds to the mobile ID information stored in the memory, the It may be set to generate the digital key of the vehicle based on the vehicle information or the mobile ID information.

The processor performs authentication of the mobile ID information included in the digital key by the vehicle, and when the authentication of the mobile ID information included in the digital key is completed, the signed digital key and the driver identification information It can be set to receive from the vehicle.

The signed digital key may be signed with the private key of the vehicle, and the driver identification information may include the mobile identification information and be signed with the private key of the vehicle.

The processor requests control of the vehicle based on the digital key stored in the memory, and when the digital key and mobile identification information corresponding to the electronic device are authenticated by the vehicle, the vehicle stores the digital key stored in the memory. When driver identification information is transmitted and the driver identification information is authenticated by the vehicle, control of the vehicle may be enabled.

The processor may be configured to restrict some functions of the vehicle when the driver identification information is not authenticated by the vehicle.

When receiving a vehicle sharing request from the second electronic device, the processor authenticates second mobile ID information of the second electronic device, and when authentication of the second mobile ID information is completed, vehicle information of the vehicle It may be configured to transmit to the second electronic device, receive a second digital key from the second electronic device, and generate second driver identification information corresponding to the second electronic device.

The processor may be configured to generate the second driver identification information by signing the second digital key with the first digital key.

The processor may be configured to bind the second driver identification information to the signed second digital key and store the second driver identification information in the memory. A vehicle according to various embodiments of the present invention (eg, vehicle 201 of FIG. )) (eg, the electronic device 101 of FIG. 1) includes a communication module (eg, the communication module 190 of FIG. 1), a memory (eg, the memory 130 of FIG. 1), and the and a processor (eg, the processor 120 of FIG. 1) operatively connected to at least one of a communication module and the memory, wherein the processor operates the communication module when the electronic device is connected to a first external device. Receives first mobile ID information from the first external device, authenticates the first mobile ID information, transmits vehicle information of the vehicle stored in the memory to the first external device, and transmits vehicle information stored in the memory to the first external device. Receiving a first digital key to authenticate the first digital key, signing the first digital key based on the authentication of the first digital key, and generating first driver identification information corresponding to the first mobile identification information and transmit the signed first digital key and the first driver identification information to the first external device.

When the first mobile ID information is authenticated, the processor may be configured to include the first mobile ID information in the vehicle information and transmit the same to the first external device.

The processor determines whether the mobile ID information included in the first digital key corresponds to the first mobile ID information included in the vehicle information, and determines whether the mobile ID information included in the first digital key corresponds to the vehicle information. If it corresponds to the first mobile identification information included in the information, the first digital key may be set to be signed with the private key of the vehicle stored in the memory.

The processor may be set to generate the first driver identification information by including the first mobile identification information and signing with a private key of the vehicle stored in the memory.

When the control of the vehicle is requested, the processor authenticates the first digital key stored in the first external device, and the first mobile corresponding to the first external device based on the authentication of the first digital key. ID information may be authenticated, and when the first mobile ID information is authenticated, first driver identification information stored in the first external device may be read and authenticated.

The processor may be configured to permit control of the vehicle when the first driver identification information is authenticated, and restrict some functions of the vehicle when the first driver identification information is not authenticated.

The processor receives and stores a second digital key or second driver identification information from the first external device, and when a control of the vehicle is requested from the second external device, the second digital key stored in the second external device. A key is authenticated, second mobile ID information corresponding to the second external device is authenticated based on the authentication of the second digital key, and when the second mobile ID information is authenticated, the second mobile ID information stored in the second external device is authenticated. 2 It can be set to read and authenticate driver identification information.

The processor may be configured to allow control of the vehicle when the second driver identification information is authenticated, and restrict some functions of the vehicle when the second driver identification information is not authenticated.

6 is a flowchart illustrating a method of issuing a digital key linked to a mobile identification card by linking an electronic device and a vehicle according to various embodiments.

Referring to FIG. 6 , in operation 601, an electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments may transmit a mobile identification card to a vehicle (eg, the vehicle 201 of FIG. 2A ). . The mobile ID is for identifying the driver of the vehicle 201 and may mean a driver's license. The mobile ID information may include mobile ID signature information and MSO information. The mobile ID signature information includes a digest ID, a random value, and an information identifier of the mobile ID (e.g., name corresponding to the first user, date of birth, date of issuance, expiration date, issuing authority, ID identification number (e.g., driver's number), or a photo) or information value of a mobile ID.

The MSO information may include hash values of values included in the mobile ID signature information. The MSO information may include at least one of an MSO version, a hash algorithm version, a digest value, device information, a doctype, and validity information. In order to issue a digital key, the electronic device 101 may receive a mobile ID card issued in advance from an issuing authority (eg, the server 401 of FIG. 4 ) and store it in a memory (eg, the memory 130 of FIG. 1 ). The electronic device 101 may transmit the mobile ID stored in the memory 130 to the vehicle 201 .

According to various embodiments, operation 601 is performed when the owner of the vehicle 201 possesses a vehicle key (eg, a real vehicle key) of the vehicle 201 and requests issuance of the digital key by boarding the vehicle 201. It can be. The vehicle 201 uses a communication module (eg, the communication module 530 of FIG. 5 ) or a sensor module (eg, the sensor module 590 of FIG. 5 ) to use a real vehicle key corresponding to the vehicle 201 (eg, the sensor module 590 of FIG. 5 ). smart key). The vehicle 201 may recognize the actual vehicle key and receive a digital key issuance request through at least one of a menu displayed through a display (eg, the display 510 of FIG. 5 ), a set button, or a set voice recognition. there is. The vehicle 201 may request a mobile identification card from the electronic device 101 by connecting encrypted communication with the electronic device 101 in response to the digital key issuance request.

In operation 603, vehicle 201 may authenticate the mobile identification card. The vehicle 201 may receive a mobile ID from the electronic device 101 and authenticate the received mobile ID. The mobile ID authentication method may be performed in a device-based mode or a server-based mode, but may be performed in a device-based mode for enhanced security. The vehicle 201 may authenticate the mobile ID by the operation described in FIG. 4 .

In operation 605, the vehicle 201 may transmit vehicle information including mobile ID information to the electronic device 101 when the mobile ID authentication is completed. The mobile ID information may be the same as information included in the mobile ID, or may include some information included in the mobile ID. For example, the mobile ID information may include a digest ID or digest of an ID identification number (or a name corresponding to the first user) included in the mobile ID. The vehicle 201 may include the mobile ID information in configuration information (eg, endpoint configuration data) of the vehicle information.

According to various embodiments, the electronic device 101 may further transmit device information of the electronic device 101 . The device information of the electronic device 101 may include at least one of a phone number, a serial number, a model name, or a type of the electronic device 101 . The vehicle 201 authenticates the device information of the electronic device 101 as well as the authentication of the mobile ID, and when the authentication of the mobile ID and the device information of the electronic device 101 is completed, the vehicle information is transmitted to the electronic device ( 101).

In operation 607, the electronic device 101 may authenticate mobile ID information included in the vehicle information. The electronic device 101 may receive vehicle information including the mobile ID information from the vehicle 201 . The electronic device 101 may determine whether the mobile ID information included in the received vehicle information corresponds to the mobile ID information stored in the memory 130 . Mobile ID information stored in the memory 130 may refer to mobile ID information transmitted to the vehicle 201 in operation 601 . For example, the electronic device 101 may check whether the digest ID or digest of the ID identification number of the received mobile ID information matches MSO information stored in the memory 130 . The MSO information may include a hash value of data included in the mobile ID information (eg, mobile ID signature information 413). The operation of determining whether the mobile ID information included in the received vehicle information corresponds to the mobile ID information stored in the memory 130 may be authenticating the mobile ID information.

According to various embodiments, when the mobile ID information included in the vehicle information does not match the mobile ID information stored in the memory 130, the electronic device 101 does not generate a digital key or regenerates the vehicle information. You can request it or download the mobile ID information again from the issuing authority.

In operation 609 , the electronic device 101 may generate a digital key (eg, an encryption key pair) of the vehicle 201 . When authentication of the mobile ID information is successfully completed, the electronic device 101 may generate the digital key based on the device information or the mobile ID information. The digital key is necessary for opening the door of the vehicle 201, starting the engine, or driving autonomously, and may correspond to a real vehicle key. The electronic device 101 may receive a certificate from the first electronic device server (eg, the first electronic device server 250 of FIG. 2A ) and generate the digital key based on the certificate. The digital key may include the vehicle information or the mobile ID information.

According to various embodiments, the electronic device 101 further uses device information (eg, a phone number, serial number, model name or type of the electronic device 101, etc.) of the electronic device 101 to obtain the digital key. can also create In this case, the digital key may further include device information of the electronic device 101 as well as the vehicle information or the mobile ID information. Since the digital key cannot be moved to another device, when a user replaces an electronic device (eg, a new electronic device), a new digital key can be issued.

In operation 611, the electronic device 101 may transmit the generated digital key to the vehicle 201. The electronic device 101 may transmit the digital key to the vehicle 201 according to an encrypted protocol with the vehicle 201 .

In operation 613, the vehicle 201 may authenticate mobile identification information included in the digital key. The vehicle 201 may receive the digital key from the electronic device 101 and extract mobile ID information included in the digital key. The vehicle 201 may determine whether the mobile ID information included in the digital key corresponds to the mobile ID information included in the vehicle information. The vehicle 201 may sign the digital key with the private key of the vehicle 201 when the mobile ID information included in the digital key corresponds to the mobile ID information included in the vehicle information.

In operation 615 , the vehicle 201 may generate driver identification information by signing the mobile identification information with a private key of the vehicle 201 . The generated driver identification information may include the mobile ID information or correspond to the mobile ID information.

In operation 617 , the vehicle 201 may transmit the generated driver identification information or the digital key signed with the private key of the vehicle 201 to the electronic device 101 . The vehicle 201 may transmit the driver identification information or the signed digital key to the vehicle 201 according to the electronic device 101 and an encrypted protocol.

In operation 619-1, the electronic device 101 may receive and store the generated driver identification information or the signed digital key in the memory 130. The electronic device 101 may bind (or match) the driver identification information to the signed digital key and store it in the memory 130 . For example, the electronic device 101 stores the signed digital key or The driver identification information may be stored. Since the digital key received from the vehicle 201 is signed with the private key of the vehicle 201, it may be different from the digital key transmitted to the vehicle 201.

In operation 619-2, the vehicle 201 binds (or matches) the first driver identification information to the signed digital key and stores it in the memory 570. Although operation 619-2 is shown as being performed after operation 617 in the drawing, operation 619-2 may be performed between operations 615 and 617. This description is only for helping understanding of the invention, and the present invention is not limited by the description.

7 is a flowchart 700 illustrating a method of issuing a digital key linked to a mobile identification card in an electronic device according to various embodiments.

Referring to FIG. 7 , in operation 701, a processor (eg, processor 120 of FIG. 1 ) of an electronic device (eg, electronic device 101 of FIG. 1 ) according to various embodiments performs a communication module (eg, FIG. Mobile identification information may be transmitted to a vehicle (eg, vehicle 201 of FIG. 2A ) through the communication module 190 of FIG. 1 . The mobile ID information may include mobile ID signature information and MSO information. The processor 120 may obtain a mobile identification card in advance from an issuing authority (eg, the server 401 of FIG. 4) to issue a digital key and store it in a memory (eg, the memory 130 of FIG. 1). The electronic device ( 101 may transmit the mobile ID stored in the memory 130 to the vehicle 201 .

According to various embodiments, the processor 120 may further transmit device information of the electronic device 101 through the communication module 190 . The device information of the electronic device 101 may include at least one of a phone number, a serial number, a model name, or a type of the electronic device 101 . The vehicle 201 may authenticate device information of the electronic device 101 together with authentication of the mobile identification card.

In operation 703, the processor 120 may receive vehicle information from the vehicle 201 through the communication module 190 based on the authentication of the mobile identification information. When the mobile identification information transmitted by the vehicle 201 is identical to the mobile identification information of the driver of the vehicle 201, the processor 120 may receive the vehicle information. The vehicle information may include the mobile ID information. Included in the vehicle information may be a digest ID or digest of an ID identification number included in the mobile ID.

In operation 705, the processor 120 may generate a digital key based on the device information or the mobile identification information. Before generating the digital key, the processor 120 may authenticate mobile identification information included in the vehicle information. The processor 120 may determine whether the mobile ID information included in the vehicle information corresponds to the mobile ID information stored in the memory 130 . For example, the processor 120 may check whether the digest ID or digest of the ID identification number of the received mobile ID information matches MSO information stored in the memory 130 . Since the MSO information is a hash value of mobile ID information (eg, mobile ID signature information), the processor 120 hashes the digest ID or digest of the ID identification number to determine whether it matches the digest value of the MSO. . When the mobile ID information included in the received vehicle information corresponds to the mobile ID information stored in the memory 130, the processor 120 may generate a digital key based on the device information or the mobile ID information. The digital key may include the vehicle information or the mobile ID information.

According to various embodiments, the processor 120 further uses device information of the electronic device 101 (eg, phone number, serial number, model name or type of the electronic device 101, etc.) to generate the digital key. You may. In this case, the digital key may further include device information of the electronic device 101 as well as the vehicle information or the mobile ID information. Since the digital key cannot be moved to another device, when a user replaces an electronic device (eg, a new electronic device), a new digital key can be issued.

In operation 707 , the processor 120 may transmit the generated digital key to the vehicle 201 through the communication module 190 . The processor 120 may transmit the digital key to the vehicle 201 according to an encrypted protocol with the vehicle 201 .

In operation 709 , the processor 120 may obtain driver identification information in which the mobile identification information is bound to the signed digital key from the vehicle 201 . The vehicle 201 can authenticate the digital key, and when the authentication is successfully completed, the digital key can be signed with the private key of the vehicle 201 . In addition, the vehicle 201 may generate driver identification information by signing the mobile identification information with a private key of the vehicle 201 . The generated driver identification information may include the mobile ID information or correspond to the mobile ID information. The processor 120 may receive a digital key signed with a private key and the driver identification information from the vehicle 201 .

In operation 711 , the processor 120 may store the generated driver identification information or the signed digital key in the memory 130 . The processor 120 may bind (or match) the driver identification information to the signed digital key and store it in the memory 130 . For example, processor 120 may place the signed digital key or the Driver identification information may be stored.

8 is a flowchart 800 illustrating a method of issuing a digital key linked to a mobile identification card in a vehicle according to various embodiments.

Referring to FIG. 8 , in operation 801, a processor (eg, processor 550 of FIG. 5 ) of a vehicle (eg, vehicle 201 of FIG. 2A ) communicates with a communication module (eg, communication module 530 of FIG. 5 ). Mobile ID information (or mobile ID) may be received from an electronic device (eg, the electronic device 101 of FIG. 1 ) through Operation 801 may be performed when the owner of the vehicle 201 possesses a vehicle key (eg, a real vehicle key) of the vehicle 201 and requests issuance of the digital key by boarding the vehicle 201 . The processor 550 may recognize a real vehicle key (eg, a smart key) corresponding to the vehicle 201 using the communication module 530 or a sensor module (eg, the sensor module 590 of FIG. 5 ). The processor 550 recognizes the actual vehicle key and receives a digital key issuance request through at least one of a menu displayed through a display (eg, the display 510 of FIG. 5 ), a set button, or a set voice recognition. there is. The processor 550 connects encrypted communication with the electronic device 101 in response to the digital key issuance request, requests a mobile ID card from the electronic device 101, and receives the mobile ID information from the electronic device 101. can do.

At operation 803, processor 550 may authenticate the mobile identification card. The mobile ID authentication method may be performed in a device-based mode or a server-based mode as shown in FIG. 4, but may be performed in a device-based mode for security enhancement. The processor 550 may authenticate the mobile ID by the operation described in FIG. 4 .

In operation 805 , the processor 550 may transmit vehicle information including mobile ID information to the electronic device 101 through the communication module 530 when the mobile ID authentication is completed. The mobile ID information may be the same as information included in the mobile ID, or may include some information included in the mobile ID. For example, the mobile ID information may include a digest ID or digest of an ID identification number (or a name corresponding to the first user) included in the mobile ID. The vehicle 201 may include the mobile ID information in configuration information (eg, endpoint configuration data) of the vehicle information.

In operation 807 , the processor 550 may receive a digital key from the electronic device 101 through the communication module 530 . The digital key may include the vehicle information or the mobile ID information.

In operation 809, the processor 550 may authenticate the mobile identification information included in the digital key. The processor 550 may determine whether the mobile ID information included in the digital key corresponds to the mobile ID information included in the vehicle information. The processor 550 may sign the digital key with the private key of the vehicle 201 when the mobile ID information included in the digital key corresponds to the mobile ID information included in the vehicle information.

In operation 811, the processor 550 may generate driver identification information by binding the mobile identification information to the signed digital key. The processor 550 may generate driver identification information by signing the mobile identification information with a private key of the vehicle 201 . The generated driver identification information may include the mobile ID information or correspond to the mobile ID information.

In operation 813, the processor 550 may transmit and store the generated driver identification information or the digital key signed with the private key of the vehicle 201 to the electronic device 101 through the communication module 530. The processor 550 may bind (or match) the first driver identification information to the signed digital key and store it in a memory (eg, the memory 570 of FIG. 5 ).

9 is a flowchart illustrating a method of controlling a vehicle by authenticating a digital key associated with a mobile identification card according to various embodiments.

Referring to FIG. 9 , in operation 901, an electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments uses a digital key to open a door of a vehicle (eg, the vehicle 201 of FIG. 2A ). You can request an opening. The digital key is stored in a digital key applet (eg, digital key applet 325 of FIG. 3A) of the electronic device 101. Driver identification information may also be stored in the digital key applet 325 . A user of the electronic device 101 may approach the vehicle 201 and execute a digital key application (eg, the digital key application 315 of FIG. 3A ). A mutual authentication protocol may be performed between the electronic device 101 and the vehicle 201 by the digital key application 315 .

In operation 903, vehicle 201 may authenticate (or verify) the digital key. The digital key may be signed with the private key of the vehicle 201 . The vehicle 201 may verify the digital key by performing a mutual authentication protocol (eg, certificate chain) with the electronic device 101 . The digital key verification may follow specifications defined in CCC.

In operation 905, the vehicle 201 may allow the vehicle door to be opened when authentication of the digital key is successfully completed. The vehicle 201 may disallow door opening when authentication of the digital key fails.

In operation 907 , the electronic device 101 may transmit mobile ID information and driver identification information to the vehicle 201 . In the drawing, it is described that both mobile identification information and driver identification information are transmitted at once, but they may be transmitted at different times. For example, the electronic device 101 transmits mobile ID information first, and when the authentication of the mobile ID information is completed by the vehicle 201, the vehicle 201 transmits the digital key applet 325 of the electronic device 101. Driver identification information stored in the personal mailbox (eg, the personal mailbox 392 of FIG. 3C) included in ) can be read.

In operation 909, the vehicle 201 may authenticate the mobile identification information. Authentication of the mobile identification information may be performed by performing the device-based operation of FIG. 4 .

In operation 911, the vehicle 201 may authenticate the driver identification information. The vehicle 201 may perform signature verification on the driver identification information using a public key of the vehicle 201 . Since the driver identification information is encrypted with the private key of the vehicle 201, it can be decrypted with the public key of the vehicle 201. The vehicle 201 may determine that authentication is successful when the driver identification information is decrypted with the public key of the vehicle 201 . The vehicle 201 may determine whether the driver identification information corresponds to the mobile ID information. For example, the vehicle 201 may check whether the digest ID or digest of the ID identification number of the mobile ID information matches MSO information.

In operation 913, the vehicle 201 may permit control of the vehicle 201 when authentication of the driver identification information is successfully completed. Controlling the vehicle 201 may include opening a door to the vehicle 201, starting the vehicle 201, or operating the vehicle 201 in an autonomous driving mode. The vehicle 201 may permit all control of the vehicle 201 only when authentication of the driver identification information is successfully completed. The vehicle 201 may restrict all or part of the control of the vehicle 201 when authentication of the driver identification information is not successfully completed. For example, if authentication of the driver identification information is not successfully completed, the vehicle 201 may allow opening or starting of the vehicle 201 and may not allow an autonomous driving mode. Alternatively, the vehicle 201 may not open the door, start the vehicle 201, or not allow the autonomous driving mode if authentication of the driver identification information is not successfully completed.

10 is a flowchart 1000 illustrating a method of controlling a vehicle using a digital key in an electronic device according to various embodiments.

Referring to FIG. 10 , in operation 1001, a processor (eg, the processor 120 of FIG. 1 ) of an electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments of the present invention performs a vehicle (eg, FIG. 2A ). of the vehicle 201) and the digital key can be authenticated. The digital key may be stored in a digital key applet (eg, digital key applet 325 in FIG. 3A) of a memory (eg, memory 130 in FIG. 1) and signed with a private key of the vehicle 201. Driver identification information may also be stored in the digital key applet 325 . A user of the electronic device 101 may approach the vehicle 201 and execute a digital key application (eg, the digital key application 315 of FIG. 3A ). The processor 120 may verify the digital key by performing a mutual authentication protocol with the vehicle 201 by the digital key application 315 . The digital key verification may follow specifications defined in CCC.

In operation 1003, when the digital key authentication is completed, the processor 120 may transmit mobile ID information and driver identification information to the vehicle 201 through a communication module (eg, the communication module 190 of FIG. 1). In the drawing, it is described that both mobile identification information and driver identification information are transmitted at once, but they may be transmitted at different times. For example, the processor 120 may transmit mobile ID information first, and transmit driver identification information when authentication of the mobile ID information is completed by the vehicle 201 . When authentication of the mobile ID information is completed, the vehicle 201 provides driver identification information stored in a personal mailbox included in the digital key applet 325 of the electronic device 101 (eg, personal mailbox 392 in FIG. 3C). can be read.

In operation 1005 , the processor 120 may obtain the right to control the vehicle 201 based on information authentication. The vehicle 201 may authenticate the mobile ID information by performing the device-based operation of FIG. 4 . The vehicle 201 may perform signature verification on the driver identification information with a public key of the vehicle 201 . For example, since the driver identification information is encrypted with the private key of the vehicle 201, it can be decrypted with the public key of the vehicle 201. The vehicle 201 may determine that authentication is successful when the driver identification information is decrypted with the public key of the vehicle 201 . When both the mobile identification information and the driver identification information are successfully authenticated, the processor 120 may acquire the right to control the vehicle 201 from the vehicle 201 . Alternatively, if authentication of the driver identification information is not successfully completed, the right to control the vehicle 201 may be restricted in whole or in part. For example, if authentication of the driver identification information is not successfully completed, the vehicle 201 may allow opening or starting of the vehicle 201 and may not allow an autonomous driving mode.

FIG. 11 is a flowchart 1100 illustrating a method of permitting control of a vehicle by authenticating a digital key in a vehicle according to various embodiments.

Referring to FIG. 11 , in operation 1101, a processor (eg, processor 550 of FIG. 5 ) of a vehicle (eg, vehicle 201 of FIG. 2A ) may detect a digital key. When an electronic device including a digital key (eg, the electronic device 101 of FIG. 1 ) approaches or executes a digital key application, the processor 550 may detect the digital key. The processor 550 may detect the digital key using a communication module (eg, the communication module 530 of FIG. 5 ) or a sensor module (eg, the sensor module 590 of FIG. 5 ).

In operation 1103, the processor 550 may verify the digital key to determine whether the digital key verification is successful. The digital key may be signed with the private key of the vehicle 201 . The processor 550 may verify the digital key by performing a mutual authentication protocol (eg, certificate chain verification) with the electronic device 101 . The digital key verification may follow specifications defined in CCC.

The processor 550 may perform operation 1105 if the verification of the digital key succeeds, and may perform operation 1104 if verification of the digital key fails.

If the verification of the digital key fails, in operation 1104, the processor 550 may disallow opening the door of the vehicle 201.

If the digital key verification is successful, in operation 1105, the processor 550 may receive mobile ID information and driver identification information from the electronic device 101 through the communication module 530. In the drawings, both mobile identification information and driver identification information are described as being transmitted at once, but they may be received at different times.

In operation 1107, the processor 550 may authenticate the mobile identification information. The processor 550 may authenticate the mobile ID information by performing the device-based operation of FIG. 4 .

In operation 1109 , the processor 550 may determine whether the driver identification information is signature verified with the public key of the vehicle 201 . Since the driver identification information is encrypted with the private key of the vehicle 201, it can be decrypted with the public key of the vehicle 201. The vehicle 201 may determine that authentication is successful when the driver identification information is decrypted with the public key of the vehicle 201 .

The processor 550 may perform operation 1111 when the driver identification information is signature verified with the public key of the vehicle 201, and perform operation 1113 when the driver identification information is not signature verified with the public key of the vehicle 201. there is.

In operation 1111, when the signature verification of the driver identification information is performed using the public key of the vehicle 201, the processor 550 may allow (or grant) the right to control the vehicle. Controlling the vehicle 201 may include opening a door to the vehicle 201, starting the vehicle 201, or operating the vehicle 201 in an autonomous driving mode. The vehicle 201 may permit all control of the vehicle 201 only when authentication of the driver identification information is successfully completed.

In operation 1113, when the driver's identification information is not signature verified with the public key of the vehicle 201, the processor 550 may restrict the right to control the vehicle. The processor 550 may limit all or part of the control of the vehicle 201 . For example, the processor 550 may allow opening or starting of the vehicle 201 and may not allow an autonomous driving mode. Alternatively, the processor 550 may not allow the vehicle 201 to open the door, start the engine, or operate the autonomous driving mode.

12 is a flow diagram illustrating a method of sharing a digital key according to various embodiments.

Referring to FIG. 12 , in operation 1201, a first electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments provides a first digital key of a vehicle (eg, the vehicle 201 of FIG. 2A ). may be stored in a memory (eg, the memory 130 of FIG. 1). Hereinafter, the electronic device 101 may be referred to as the first electronic device 101 to be distinguished from the second electronic device 203 . In addition, to be distinguished from the second digital key, the digital key stored in the first electronic device 101 may be referred to as a 'first digital key'. In the first electronic device 101 , the first digital key is stored in a first digital key applet (eg, the digital key applet 325 of FIG. 3A ) of the memory 130 . First driver identification information may also be stored in the digital key applet 325 . Operation 1201 is a state in which owner pairing is completed, and may be, for example, an operation performed after the operation of FIG. 6 is completed. The first digital key may be used when controlling the vehicle 201 (eg, opening a door, starting an engine, autonomous driving).

In operation 1203, the second electronic device (eg, the electronic device 102 of FIG. 1 or the second electronic device 203 of FIG. 2A) may request vehicle sharing from the first electronic device 101. The first electronic device 101 may include a first user who owns the vehicle 201 or a vehicle sharing company (or server). The second electronic device 203 may refer to an electronic device of a second user who wants to share a vehicle.

In operation 1205, the first electronic device 101 may authenticate second mobile identification information in response to the request. The second mobile ID may be an ID corresponding to the second user of the second electronic device 203 , and the first mobile ID may be an ID corresponding to the first user of the first electronic device 101 . The first electronic device 101 may perform an operation corresponding to the reader device 405 of the mobile ID service system 400 . The first electronic device 101 may authenticate the second mobile ID information in the device-based mode or server-based mode of FIG. 4 . The first electronic device 101 may perform operation 1207 when authentication of the second mobile ID information is successfully completed. When authentication of the second mobile ID information fails, the first electronic device 101 may re-authenticate the second mobile ID information with the second electronic device 203 .

In operation 1207, the first electronic device 101 may transmit vehicle information to the second electronic device 203. The first electronic device 101 may transmit vehicle information of the vehicle 201 to the second electronic device 203 instead of the vehicle 201 . The first electronic device 101 transmits the vehicle information to the second electronic device 203 through a vehicle server (eg, the vehicle server 230 of FIG. 2A) or obtains the vehicle information from the first digital key. and can be transmitted to the second electronic device 203. According to various embodiments, the first electronic device 101 may include and transmit the second mobile ID information in the vehicle information.

In operation 1209, the second electronic device 203 may generate a second digital key based on the vehicle information. The second electronic device 203 may generate the second digital key based on a certificate issued by a second electronic device server (eg, the second electronic device server 210 of FIG. 2A ). According to various embodiments, the second electronic device 203 determines whether the second mobile ID information included in the vehicle information corresponds to the second mobile ID information stored in the memory, and if they match, the vehicle information It is possible to generate the second digital key based on. The second electronic device 203 may generate the second digital key based on the vehicle information and the second mobile ID information.

In operation 1211, the second electronic device 203 may transmit the generated second digital key to the first electronic device 101.

In operation 1213, the first electronic device 101 may receive the second digital key from the second electronic device 203 and generate second driver identification information. The first electronic device 101 may generate second driver identification information signed by the second digital key with the first digital key. The second driver identification information may include second mobile ID information of the second electronic device 203 (eg, digest ID and digest corresponding to the driver identification number) or may correspond to the second mobile ID information. The first electronic device 101 may sign the second digital key with the first digital key.

In operation 1215, the first electronic device 101 may transmit the signed second digital key or the second driver identification information to the second electronic device 203. The first electronic device 101 binds the second driver identification information (eg, a digest ID corresponding to a driver identification number to arbitrary_data of an Authorized Endpoint Attestation data field) to the signed second digital key, and then binds the memory 130. ) can be stored.

In operation 1217, the second electronic device 203 may store the signed second digital key and the second driver identification information. The second electronic device 203 stores the signed second digital key and the second driver identification information in a personal mailbox of a second digital key applet (eg, the second digital key applet 380 of FIG. 3C) (eg, It can be stored in the second personal mailbox 382 of FIG. 3C.

In operation 1219, the second electronic device 203 may request to open the door of the vehicle 201 using the second digital key. The second electronic device 203 may approach the vehicle 201 and request to open the door of the vehicle 201 by executing a digital key application.

In operation 1221, the vehicle 201 may authenticate the second mobile identification information and the second driver identification information. According to various embodiments, the first electronic device 101 may transmit the signed second digital key or the second driver identification information to the vehicle 201 . Alternatively, the signed second digital key or the second driver identification information may be transmitted to the vehicle 201 through the vehicle server 230 . The vehicle 201 may store the signed second digital key or the second driver identification information. The vehicle 201 may authenticate the signed second digital key when a control of the vehicle 201 (eg, door opening, ignition, autonomous driving) is requested (or attempted) from the second electronic device 203. there is. The signed second digital key may be signed by the first digital key. The second digital key verification may follow specifications defined in CCC.

The vehicle 201 may authenticate the second digital key identically or similarly to the authentication of the first digital key. In addition, the vehicle 201 performs the operation of FIG. 4 to authenticate the second mobile ID information for the second user of the second electronic device 203, and when the authentication of the second mobile ID information is successfully completed, The second driver identification information may be authenticated. The vehicle 201 may read and authenticate second driver identification information stored in the second personal mailbox 382 of the second digital key applet 380 of the second electronic device 203 .

In operation 1223, the vehicle 201 may allow vehicle control based on the information authentication. The vehicle 201 may verify the signature of the second driver identification information with the first digital key. The vehicle 201 may allow the second electronic device 203 to control the vehicle when authentication of the second mobile identification information and the second driver identification information is successfully completed. Alternatively, the vehicle 201 may disallow the second electronic device 203 from controlling the vehicle when authentication of the second mobile ID information and the second driver identification information fails. Alternatively, if authentication of the second driver identification information is not successfully completed, the right to control the vehicle 201 may be restricted in whole or in part. For example, if authentication of the second driver identification information is not successfully completed, the vehicle 201 may allow opening or starting of the vehicle 201, but may not allow an autonomous driving mode.

13 is a flowchart 1300 illustrating a method of sharing a digital key in a first electronic device according to various embodiments.

Referring to FIG. 13 , in operation 1301, a processor (eg, the processor 120 of FIG. 1 ) of a first electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments of the present disclosure performs a vehicle (eg, the processor 120 of FIG. 1 ). The vehicle 201 of FIG. 2A and the digital key may be stored in a memory (eg, memory 130 of FIG. 1 ). The first digital key may be stored in a digital key applet (eg, digital key applet 325 of FIG. 3A) of a memory (eg, memory 130 of FIG. 1) and signed with a private key of the vehicle 201. there is. First driver identification information may also be stored in the digital key applet 325 . The first electronic device 101 may include a first user who owns the vehicle 201 or a vehicle sharing company (or server).

In operation 1303, the processor 120 may authenticate the second mobile identification information. The processor 120 may receive a vehicle sharing request from a second electronic device (eg, the electronic device 102 of FIG. 1 or the second electronic device 203 of FIG. 2A ). The second electronic device 203 may refer to an electronic device of a second user who wants to share a vehicle. The processor 120 may authenticate second mobile ID information corresponding to the second user of the second electronic device 203 in response to the vehicle sharing request. The processor 120 may perform an operation corresponding to the reader device 405 of the mobile ID service system 400 . The processor 120 may authenticate the second mobile ID information in the device-based mode or the server-based mode of FIG. 4 .

In operation 1305, the processor 120 may transmit vehicle information to the second electronic device 203 when authentication of the second mobile ID information is successfully completed. The processor 120 may transmit vehicle information of the vehicle 201 to the second electronic device 203 instead of the vehicle 201 . The processor 120 transmits the vehicle information to the second electronic device 203 through a vehicle server (eg, the vehicle server 230 of FIG. 2A ), or acquires the vehicle information from the first digital key to obtain the second electronic device. It can be transmitted to the electronic device 203. According to various embodiments, the processor 120 may include and transmit the second mobile ID information in the vehicle information.

In operation 1307, the processor 120 may receive a second digital key from the second electronic device 203. The vehicle information may be included in the second digital key. Alternatively, the second digital key may include the vehicle information and the second mobile ID information. Processor 120 may sign the second digital key with the first digital key.

In operation 1309, the processor 120 may generate second driver identification information by signing the second digital key with the first digital key. The second driver identification information may include second mobile ID information of the second electronic device 203 (eg, digest ID and digest corresponding to the driver identification number) or may correspond to the second mobile ID information.

In operation 1311, the processor 120 may transmit the second driver identification information or the signed second digital key to the second electronic device 203. The processor 120 binds the second driver identification information (eg, applying a digest ID and digest corresponding to a driver identification number to arbitrary_data of an Authorized Endpoint Attestation data field) to the signed second digital key, and stores the memory 130 can be stored in

14 is a flowchart 1400 illustrating a method of sharing a digital key in a second electronic device according to various embodiments.

Referring to FIG. 14 , in operation 1401, a processor (eg, the processor 120 of FIG. 1 ) of a second electronic device (eg, the second electronic device 203 of FIG. 2A ) according to various embodiments performs a first Second mobile identification information may be transmitted to an electronic device (eg, the electronic device 101 of FIG. 1 ). The second mobile ID information may correspond to a second user of the second electronic device 203 . The processor 120 transmits the second mobile ID information to the first electronic device 101 (eg, a device-based mode) or transmits address information and a one-time token for issuing the second mobile ID information to the first electronic device 101 . may be transmitted to the device 101 (eg, server-based mode). The first electronic device 101 may include a first user who owns the vehicle 201 or a vehicle sharing company (or server). The second electronic device 203 may refer to an electronic device of a second user who wants to share a vehicle.

In operation 1403, the processor 120 may receive vehicle information from the first electronic device 101 through a communication module (eg, the communication module 190 of FIG. 1). The first electronic device 101 performs the operation of FIG. 4 to authenticate the second mobile ID information, and when the authentication is successfully completed, the vehicle information of the vehicle (eg, the vehicle 201 of FIG. 2A ) is transmitted to the second mobile ID. It can be transmitted to the electronic device 203. The vehicle information may be stored in the memory of the first electronic device 101 . According to the request of the first electronic device 101, the processor 120 may receive the vehicle information from the vehicle server (eg, the vehicle server 230 of FIG. 2A) through the communication module 190. The first electronic device 101 may request the vehicle server 230 to transmit vehicle information to the second electronic device 203 .

In operation 1405, the processor 120 may generate a second digital key based on the vehicle information. The processor 120 may generate the second digital key based on a certificate issued by a second electronic device server (eg, the second electronic device server 210 of FIG. 2A ). According to various embodiments, the processor 120 determines whether the second mobile ID information included in the vehicle information corresponds to the second mobile ID information stored in the memory, and if matched, based on the vehicle information The second digital key may be generated. The processor 120 may generate the second digital key based on the vehicle information and the second mobile ID information.

In operation 1407, the processor 120 may transmit the generated second digital key to the first electronic device 101. The processor 120 may transmit the second digital key according to an encrypted protocol with the first electronic device 101 .

At operation 1409, processor 120 may receive second driver identification information or a signed second digital key. The second driver identification information may be generated by signing the second digital key with the first digital key of the first electronic device 101 . The second driver identification information may include second mobile ID information of the second electronic device 203 (eg, digest ID and digest corresponding to the driver identification number) or may correspond to the second mobile ID information. The first electronic device 101 may sign the second digital key with the first digital key.

In operation 1411, the processor 120 may store the signed second digital key and the second driver identification information. The second electronic device 203 stores the signed second digital key and the second driver identification information in a personal mailbox of a second digital key applet (eg, the second digital key applet 380 of FIG. 3C) (eg, It can be stored in the second personal mailbox 382 of FIG. 3C.

According to various embodiments, the first electronic device 101 may transmit the signed second digital key or the second driver identification information to the vehicle 201 . Alternatively, the signed second digital key or the second driver identification information may be transmitted to the vehicle 201 through the vehicle server 230 . The vehicle 201 may store the signed second digital key or the second driver identification information.

The processor 120 may request control of the vehicle 201 using the signed second digital key. The vehicle 201 may authenticate the signed second digital key when control of the vehicle 201 (eg, door opening, ignition, autonomous driving) is requested (or attempted) from the second electronic device 203. there is. The vehicle 201 may authenticate the signed second digital key identically or similarly to the authentication of the first digital key. In addition, the vehicle 201 performs the operation of FIG. 4 to authenticate the second mobile ID information for the second user of the second electronic device 203, and when the authentication of the second mobile ID information is successfully completed, The second driver identification information may be authenticated. The vehicle 201 may read and authenticate second driver identification information stored in the second personal mailbox 382 of the second digital key applet 380 of the second electronic device 203 .

The vehicle 201 may permit vehicle control based on authentication of the above information. The vehicle 201 may verify the signature of the second driver identification information with the first digital key. The vehicle 201 may allow the second electronic device 203 to control the vehicle when authentication of the second mobile identification information and the second driver identification information is successfully completed. Alternatively, the vehicle 201 may disallow the second electronic device 203 from controlling the vehicle when authentication of the second mobile ID information and the second driver identification information fails. Alternatively, if authentication of the second driver identification information is not successfully completed, the right to control the vehicle 201 may be restricted in whole or in part. For example, if authentication of the second driver identification information is not successfully completed, the vehicle 201 may allow opening or starting of the vehicle 201, but may not allow an autonomous driving mode.

An operating method of an electronic device (eg, the electronic device 101 of FIG. 1 ) according to various embodiments of the present disclosure is configured to connect the electronic device to a vehicle through a communication module (eg, the communication module 190 of FIG. 1 ). operation, transmitting the mobile ID information stored in the memory of the electronic device to the vehicle, receiving vehicle information from the vehicle, generating a digital key of the vehicle based on the vehicle information or the mobile ID information, Transmitting the generated digital key to the vehicle, receiving a digital key signed by the vehicle and driver identification information from the vehicle, and storing the signed digital key and driver identification information in the memory. Actions may be included.

The generating operation may include determining whether the mobile ID information included in the vehicle information corresponds to the mobile ID information stored in the memory, and the mobile ID information included in the vehicle information corresponds to the mobile ID information stored in the memory. If so, an operation of generating a digital key of the vehicle based on the vehicle information or the mobile ID information may be included.

The signed digital key is signed with the private key of the vehicle, the driver identification information includes the mobile identification information and is signed with the private key of the vehicle, and the method performs the method based on the digital key stored in the memory. Operation of requesting control of the vehicle, operation of transmitting the driver identification information stored in the memory to the vehicle when the digital key and mobile identification information corresponding to the electronic device are authenticated by the vehicle, and operations by the vehicle The method may further include obtaining control of the vehicle based on whether the driver identification information is authenticated.

Various embodiments of the present invention disclosed in the present specification and drawings are only presented as specific examples to easily explain the technical content of the present invention and help understanding of the present invention, and are not intended to limit the scope of the present invention. Therefore, the scope of the present invention should be construed as including all changes or modifications derived based on the technical idea of the present invention in addition to the embodiments disclosed herein.

101: electronic device
120: processor
130: memory

Claims (20)

In electronic devices,
communication module;
Memory; and
a processor in operative connection with at least one of the communication module and the memory, the processor comprising:
When the electronic device is connected to the vehicle, transmits mobile ID information stored in the memory to the vehicle through the communication module;
Receiving vehicle information from the vehicle;
Generate a digital key of the vehicle based on the vehicle information or the mobile identification information;
Transmitting the generated digital key to the vehicle;
receive from the vehicle a digital key and driver identification information signed by the vehicle;
An electronic device configured to store the signed digital key and driver identification information in the memory.
The method of claim 1, wherein the processor,
determining whether mobile identification information included in the vehicle information corresponds to mobile identification information stored in the memory;
The electronic device configured to generate a digital key of the vehicle based on the vehicle information or the mobile identification information when the mobile identification information included in the vehicle information corresponds to the mobile identification information stored in the memory.
The method of claim 1, wherein the processor,
performing authentication of mobile identification information included in the digital key by the vehicle;
The electronic device configured to receive the signed digital key and the driver identification information from the vehicle when authentication of the mobile identification information included in the digital key is completed.
According to claim 1,
The signed digital key is signed with the private key of the vehicle,
The electronic device of claim 1, wherein the driver identification information includes the mobile identification information and is signed with a private key of the vehicle.
The method of claim 1, wherein the processor,
Request control of the vehicle based on the digital key stored in the memory;
When the digital key and the mobile identification information corresponding to the electronic device are authenticated by the vehicle, the driver identification information stored in the memory is transmitted to the vehicle;
An electronic device configured to enable control of the vehicle when the driver identification information is authenticated by the vehicle.
The method of claim 1, wherein the processor,
An electronic device configured to limit some functions of the vehicle when the driver identification information is not authenticated by the vehicle.
The method of claim 1, wherein the processor,
When receiving a vehicle sharing request from a second electronic device, authenticating second mobile identification information of the second electronic device;
When authentication of the second mobile identification information is completed, vehicle information of the vehicle is transmitted to the second electronic device;
Receiving a second digital key from the second electronic device;
An electronic device configured to generate second driver identification information corresponding to the second electronic device.
The method of claim 7, wherein the processor,
An electronic device configured to generate the second driver identification information by signing the second digital key with the first digital key.
The method of claim 8, wherein the processor,
An electronic device configured to bind the second driver identification information to the signed second digital key and store the second driver identification information in the memory.
In an electronic device included in a vehicle,
communication module;
Memory; and
a processor in operative connection with at least one of the communication module and the memory, the processor comprising:
When the electronic device is connected to a first external device, receiving first mobile identification information from the first external device through the communication module;
authenticating the first mobile identification information and transmitting vehicle information of the vehicle stored in the memory to the first external device;
receiving a first digital key from the first external device and authenticating the first digital key;
signing the first digital key based on authentication of the first digital key;
generating first driver identification information corresponding to the first mobile identification information;
An electronic device configured to transmit the signed first digital key and the first driver identification information to the first external device.
The method of claim 10, wherein the processor,
If the first mobile identification information is authenticated, the electronic device configured to include the first mobile identification information in the vehicle information and transmit the information to the first external device.
The method of claim 10, wherein the processor,
determining whether mobile identification information included in the first digital key corresponds to the first mobile identification information included in the vehicle information;
The electronic device configured to sign the first digital key with the private key of the vehicle stored in the memory when the mobile identification information included in the first digital key corresponds to the first mobile identification information included in the vehicle information.
The method of claim 10, wherein the processor,
An electronic device configured to generate the first driver identification information by including the first mobile identification information and signing with the private key of the vehicle stored in the memory.
The method of claim 10, wherein the processor,
When the control of the vehicle is requested, the first digital key stored in the first external device is authenticated;
authenticating the first mobile identification information corresponding to the first external device based on authentication of the first digital key;
The electronic device configured to read and authenticate first driver identification information stored in the first external device when the first mobile identification information is authenticated.
The method of claim 14, wherein the processor,
Allowing control of the vehicle when the first driver identification information is authenticated;
An electronic device configured to restrict some functions of the vehicle when the first driver identification information is not authenticated.
The method of claim 10, wherein the processor,
receiving and storing a second digital key or second driver identification information from the first external device;
When a control of the vehicle is requested from a second external device, the second digital key stored in the second external device is authenticated;
Authenticating second mobile identification information corresponding to the second external device based on authentication of the second digital key;
The electronic device configured to read and authenticate second driver identification information stored in the second external device when the second mobile identification information is authenticated.
The method of claim 16, wherein the processor,
Allowing control of the vehicle when the second driver identification information is authenticated;
An electronic device configured to restrict some functions of the vehicle when the second driver identification information is not authenticated.
In the operating method of the electronic device,
transmitting mobile identification information stored in a memory of the electronic device to the vehicle when the electronic device is connected to the vehicle through the communication module;
receiving vehicle information from the vehicle;
generating a digital key of the vehicle based on the vehicle information or the mobile ID information;
transmitting the generated digital key to the vehicle;
receiving from the vehicle a digital key signed by the vehicle and driver identification information; and
and storing the signed digital key and driver identification information in the memory.
The method of claim 18, wherein the generating operation,
determining whether mobile identification information included in the vehicle information corresponds to mobile identification information stored in the memory; and
and generating a digital key of the vehicle based on the vehicle information or the mobile identification information when the mobile identification information included in the vehicle information corresponds to the mobile identification information stored in the memory.
According to claim 18,
The signed digital key is signed with the private key of the vehicle,
The driver identification information includes the mobile identification information and is signed with the private key of the vehicle;
requesting control of the vehicle based on the digital key stored in the memory;
transmitting the driver identification information stored in the memory to the vehicle when the digital key and mobile identification information corresponding to the electronic device are authenticated by the vehicle; and
and obtaining control of the vehicle based on whether the driver identification information is authenticated by the vehicle.

Images